HIPAA and Data Security and Privacy

Overview

Despite the fact that the industry has been living with HIPAA for well over a decade, keeping patients' health information private and secure in the Internet age continues to be an area where many health care providers are vulnerable to penalties, sanctions, and litigation. The increasing reliance on electronic data and the implementation of electronic health records have added a new wrinkle, opening providers up to data breach allegations under both HIPAA and state breach laws. Simultaneously, access to large electronic data sets and the use of analytics hold significant promise for improving personalized care, population health, and biomedical research. Health care providers need a trusted advisor in their corner, one with a solid understanding of the intricacies of this complex area of law. Smith Moore Leatherwood fills that advisory role for providers across the country.

Our team has served as counsel to three state health information management associations, and we participate regularly in the activities of national organizations focusing on health information management and privacy issues. We also count nationally-recognized professionals among our HIPAA and Data Security and Privacy team who have published and spoken extensively on these topics at state and national meetings. On a daily basis, we assist providers—from single-physician practices to large multi-hospital systems—in assessing privacy risks, responding to requests for patient information, evaluating their privacy and data security infrastructures, and considering how they may use health information in innovative ways.

Whether you have identified privacy and data security concerns at your organization, are looking for assistance in reviewing and strengthening existing policies and practices, need help starting an effective privacy program, or are interested in determining how to use analytics software to improve your bottom line, our HIPAA and data security and privacy team can help. Contact one of our team members today for more information.

As representative examples of work for our clients in this area, we have:

Created practical packages of template HIPAA/HITECH policies, forms, and guidance documents tailored to specific provider types (physicians, hospitals, skilled nursing facilities) and specific state legal requirements for states across the Southeast

Assisted providers in responding to subpoenas received for patients' protected health information

Advised a software designer hired by a provider to develop an electronic charting system that was HIPAA/HITECH compliant

Met with local law enforcement agencies on behalf of hospital systems to educate law enforcement on limitations imposed by HIPAA and state law on disclosures of patient information and documentation needed to comply with such requests

Taught courses for nursing and physician personnel regarding HIPAA basics, as well as specialized topics such as HIPAA and disclosure of behavioral health records; approaches when an employee is also a patient; access to and disclosure of minor patients' records; and working with law enforcement

Assisted large physician practice in demonstrating Meaningful Use Stage 2 compliance, including compliance with HIPAA and privacy requirements

Assisted multi-hospital system in responding to post-payment Meaningful Use Stage 1 audits and in preparing for compliance with Meaningful Use Stage 2 requirements

Assisted in development of regional and enterprise health information exchange organizations, including establishment of governance structure, data use agreements, privacy and security policies and procedures, and advice on operational matters

Evaluated regulatory implications of licensing de-identified health data from organizations and sub-licensing such de-identified data sets to organizations seeking large data sets for research, population health, and quality improvement on behalf of a business analytics start-up

Assisted hospital and physician practice clients in preparing and negotiating contracts for the donation of electronic health record items and services in accordance with Stark law and Anti-Kickback Statute requirements

Assisted hospital systems in addressing "one patient, one record" safeguards to implement when moving to a single electronic health record system for use by all provider entities within the systems
